Page MenuHomeVyOS Platform
Create Task
Maniphest T3123

Configuration of vti interface impossible
Closed, ResolvedPublicBUG
Actions

Description

I tried configure vti interface on rolling release VyOS 1.3-rolling-202012090217 and discovered bug:
`[edit]
vyos@vyos# set interfaces vti vti0 DEBUG vexit_internal: get_parsed_tmpl: failed to parse tmpl [/interfaces/vti/node.tag/ip]

DEBUG vexit_internal: get_parsed_tmpl: failed to parse tmpl [/interfaces/vti/node.tag/ip]

Possible completions:

<Enter>	Execute the current command

`
I fixed this issue by:
`sudo su -
cat /opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/ip/node.def > /opt/vyatta/share/vyatta-cfg/templates/interfaces/vti/node.tag/ip/node.def
cat /opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/ipv6/node.def > /opt/vyatta/share/vyatta-cfg/templates/interfaces/vti/node.tag/ipv6/node.def`

If I copy-paste config, commands applyed. But bug lead to unsuccessfull load configuration on reboot.

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202012090217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

vlesk created this task.Dec 10 2020, 3:08 AM
pasik added a subscriber: pasik.Dec 10 2020, 9:25 AM
Viacheslav added a subscriber: Viacheslav.Dec 10 2020, 12:12 PM

To reproduce

set interfaces vti vti2 address '10.0.0.1/30'
set interfaces vti vti2 description 'Tunnel to 100.64.0.2'

set vpn ipsec esp-group group-ESP compression 'disable'
set vpn ipsec esp-group group-ESP lifetime '3600'
set vpn ipsec esp-group group-ESP mode 'tunnel'
set vpn ipsec esp-group group-ESP pfs 'dh-group19'
set vpn ipsec esp-group group-ESP proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group group-ESP proposal 10 hash 'sha256'
set vpn ipsec ike-group group-IKE dead-peer-detection action 'hold'
set vpn ipsec ike-group group-IKE dead-peer-detection interval '30'
set vpn ipsec ike-group group-IKE dead-peer-detection timeout '120'
set vpn ipsec ike-group group-IKE ikev2-reauth 'no'
set vpn ipsec ike-group group-IKE key-exchange 'ikev2'
set vpn ipsec ike-group group-IKE lifetime '28000'
set vpn ipsec ike-group group-IKE mobike 'disable'
set vpn ipsec ike-group group-IKE proposal 10 dh-group '19'
set vpn ipsec ike-group group-IKE proposal 10 encryption 'aes256gcm128'
set vpn ipsec ike-group group-IKE proposal 10 hash 'sha256'
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec site-to-site peer 100.64.0.2 authentication id '100.64.0.1'
set vpn ipsec site-to-site peer 100.64.0.2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 100.64.0.2 authentication pre-shared-secret SSSecccRetT
set vpn ipsec site-to-site peer 100.64.0.2 authentication remote-id '100.64.0.2'
set vpn ipsec site-to-site peer 100.64.0.2 connection-type 'initiate'
set vpn ipsec site-to-site peer 100.64.0.2 ike-group 'group-IKE'
set vpn ipsec site-to-site peer 100.64.0.2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 100.64.0.2 local-address '100.64.0.1'
set vpn ipsec site-to-site peer 100.64.0.2 vti bind vti2
set vpn ipsec site-to-site peer 100.64.0.2 vti esp-group 'group-ESP'

Commit and check interface vti section.
There is no IP address on interface vtiX

vyos@r11# show interfaces vti 
 vti vti2 {
     description "Tunnel to 100.64.0.2"
 }
[edit]
vyos@r11#

Show interfaces

vyos@r11:~$ show int | match "Code|Desc|vti"
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
vti2             -                                 A/D  Tunnel to 100.64.0.2
vyos@r11:~$

Logs:

Dec 10 14:07:10 r11 sudo[5815]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/opt/vyatta/sbin/vyatta-address add vti2 10.0.0.1/30
Dec 10 14:07:10 r11 sudo[5816]:     root : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/sbin/ip addr add 10.0.0.1/30 broadcast + dev vti2
Viacheslav added a comment.EditedDec 10 2020, 12:34 PM
vyos@r11# set interfaces vti vti2 ?

DEBUG vexit_internal: get_parsed_tmpl: failed to parse tmpl [/interfaces/vti/node.tag/ip]

DEBUG vexit_internal: get_parsed_tmpl: failed to parse tmpl [/interfaces/vti/node.tag/ip]


Possible completions:
  <Enter>	Execute the current command
      
[edit]

Appeared after this commit
https://phabricator.vyos.net/rVYOSONEXf8c01ef3cf31e9d0fe57a51e32a7352079d0d7e7

Viacheslav changed the task status from Open to Confirmed.Dec 10 2020, 12:36 PM
Viacheslav added a comment.Dec 10 2020, 1:35 PM

PR https://github.com/vyos/vyos-1x/pull/641

Viacheslav changed the task status from Confirmed to Needs testing.Dec 10 2020, 3:36 PM
Viacheslav claimed this task.

@vlesk Will be fixed in the next rolling release.
Can you check the release after 10 Dec?

vlesk added a comment.Dec 11 2020, 4:49 AM

I checked.
In version 1.3-rolling-202012110217 issue fixed.

Viacheslav closed this task as Resolved.Dec 11 2020, 1:08 PM
erkin set Issue type to Bug (incorrect behavior).Aug 29 2021, 12:03 PM
erkin removed a subscriber: Active contributors.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 12:20 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:16 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.